Full
Name: |
Downloader-MSB |
| Type: |
Trojan |
| Also Known As: |
Troj/Dloader-SL (SOPHOS)
Trojan.Downloader.Small.Popcorn64
Trojan.Downloader.Small.Popcorn |
| Danger Level: |
5 |
| Category Description: |
Trojans are malicious applications that pose themselves as legitimate software in order to trick users to install them. Once on the victim's machine, it may run any number of malicious process to steal vital information or inflict damage to other software. |
| Comment: |
Downloads software without users knowledge. |
| |
|
| Properties: |
|
| Manual Removal: |
From SOPHOS.
When first run Troj/Dloader-SL copies itself to <System>\popcorn72.exe and creates the following files:
<System>\msblank.html
Troj/Dloader-SL changes the Start Page for Microsoft Internet Explorer by setting the registry entry:
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
<System>\msblank.html
When run, msblank.html will attempt to download another executable.
The following registry entry is created to run popcorn72.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ControlPanel
<System>\popcorn72.exe rundll.dll,LoadMouseProfile
Troj/Dloader-SL will attempt to download executables and run exectuables and store them in the following locations:
\%CurrentFolder%\1.dat
\%CurrentFolder%\2.dat
\%CurrentFolder%\3.dat
<System>\winctrl16.exe
<System>\winctrl32.exe
<System>\winctrl64.exe |
